Description

Bitcoin has enjoyed wider adoption than any previous crypto-currency; yet its success has also attracted the attention of fraudsters who have taken advantage of operational insecurity and transaction irreversibility. We study the risk investors face from Bitcoin exchanges, which convert between Bitcoins and hard currency. We examine the track record of 40 Bitcoin exchanges established over the past three years, and find that 18 have since closed, with customer account balances often wiped out. Fraudsters are sometimes to blame, but not always. Using a proportional hazards model, we find that an exchange’s transaction volume indicates whether or not it is likely to close. Less popular exchanges are more likely to be shut than popular ones. We also present a logistic regression showing that popular exchanges are more likely to suffer a security breach.

1 Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk Tyler Moore1 and Nicolas Christin2 1 Computer Science & Engineering, Southern Methodist University, USA, tylerm@smu.edu 2 INI & CyLab, Carnegie Mellon University, USA, nicolasc@cmu.edu Abstract. Bitcoin has enjoyed wider adoption than any previous crypto-currency; yet its success has also attracted the attention of fraudsters who have taken advantage of operational insecurity and transaction irreversibility. We study the risk investors face from Bitcoin exchanges, which convert between Bitcoins and hard currency. We examine the track record of 40 Bitcoin exchanges established over the past three years, and ﬁnd that 18 have since closed, with customer account balances often wiped out. Fraudsters are sometimes to blame, but not always. Using a proportional hazards model, we ﬁnd that an exchange’s transaction volume indicates whether or not it is likely to close. Less popular exchanges are more likely to be shut than popular ones. We also present a logistic regression showing that popular exchanges are more likely to suffer a security breach. Keywords: Bitcoin, currency exchanges, security economics, cybercrime 1 Introduction Despite added beneﬁts such as enhanced revenue [1] or anonymity [2], and often elegant designs, digital currencies have until recently failed to gain widespread adoption. As such, the success of Bitcoin [3] came as a surprise. Bitcoin’s key comparative advantages over existing currencies lie in its entirely decentralized nature and in the use of proof-of-work mechanisms to constrain the money supply. Bitcoin also beneﬁted from strongly negative reactions against the banking system, following the 2008 ﬁnancial crisis: Similar in spirit to hard commodities such as gold, Bitcoin offers an alternative to those who fear that “quantitative easing” policies might trigger runaway inﬂation. As of January 2013, Bitcoin’s market capitalization is approximately US$187 million [4]. However, with success comes scrutiny, and Bitcoin has been repeatedly targeted by fraudsters. For instance, over 43,000 Bitcoins were stolen from the Bitcoinica trading platform in March 2012 [5]; in September 2012, $250,000 worth of Bitcoins were pilfered from the Bitﬂoor currency exchange [6]. Interestingly, experience from previous breaches does not suggest that failures necessarily trigger an exodus from the currency. In fact, with two possible exceptions—a June 2011 hack into the largest Bitcoin currency exchange, which coincided with the USD-Bitcoin exchange rate peaking, and the August 2012 downfall of the largest Bitcoin Ponzi scheme [8]—the (volatile) Bitcoin exchange rate has ﬂuctuated independently from disclosed hacks and scams. While Bitcoin’s design principles espouse decentralization, an extensive ecosystem of third-party intermediaries supporting Bitcoin transactions has emerged. Intermediaries include currency exchanges used to convert between hard currency and Bitcoin; Authors’ pre-publication version. Cite as: Tyler Moore and Nicolas Christin. Beware the middleman: empirical analysis of Bitcoin-exchange risk. In Ahmad-Reza Sadeghi, editor, Financial Cryptography, volume 7859 of Lecture Notes in Computer Science, pages 25-33. Springer, 2013.

2 Tyler Moore and Nicolas Christin marketplace escrow services [7]; online wallets; mixing services; mining pools; or even investment services, be they legitimate or Ponzi schemes [8]. Ironically, most of the risk Bitcoin holders face stems from interacting with these intermediaries, which operate as de facto centralized authorities. For instance, one Bitcoin feature prone to abuse is that transactions are irrevocable, unlike most payment mechanisms such as credit cards and electronic fund transfers. Fraudsters prefer irrevocable payments, since victims usually only identify fraud after transactions take place [9, 10]. Irrevocability makes any Bitcoin transaction involving one or more intermediaries subject to added risk, such as if the intermediary becomes insolvent or absconds with customer deposits. In this paper, we focus on one type of intermediary, currency exchanges, and empirically examine the risk Bitcoin holders face from exchange failures. Section 2 explains our data collection and measurement methodology. Section 3 presents a survival analysis of Bitcoin exchanges, and shows that an exchange probability of closure is inversely correlated to its trade volumes. Section 4 complements this analysis with a logistic regression that indicates that popular exchanges are more likely to suffer security breaches. Section 5 reviews related work and Section 6 discusses follow-up research. 2 2.1 Data on Bitcoin-Exchange Closures Data Collection Methodology We begin by collecting historical data on the Bitcoin exchange rates maintained by the website bitcoincharts.com. This includes the daily trade volumes and average weighted daily price for 40 Bitcoin exchanges converting into 33 currencies until January 16, 2013, when the data collection was made. We calculated the average daily trade volume for each exchange by tallying the total number of Bitcoins converted into all currencies handled by the exchange for the days the exchange was operational. We also calculate the “lifetime” of each exchange, that is, the number of days the exchange is operational, denoted by the difference between the ﬁrst and last observed trade. We deem an exchange to have closed if it had not made a trade in at least two weeks before the end of data collection. We further inspected the existence of a report on the Bitcoin Wiki [11] or on Bitcoin forums [12] to conﬁrm closure, and determine whether closure was caused by a security breach (e.g., hack or fraud). We also checked for reports on whether or not investors were repaid following the exchange’s closure. Finally, to assess regulatory impact, we attempted to identify the country where each exchange is based. We then used an index (ranging between 0 and 49) computed by World Bank economists [13] to identify each country’s compliance with “Anti-MoneyLaundering and Combating the Financing of Terrorism” (AML-CFT) regulations [13]. 2.2 Summary Statistics Table 1 lists all 40 known Bitcoin currency exchanges, along with relevant facts about whether the exchange later closed. Nine exchanges experienced security breaches, caused either by hackers or other criminal activity. Five of these exchanges subsequently closed, but four have survived so far (Mt. Gox, btc-e.com, Bitﬂoor, and Vircurex). Another 13 closed without experiencing a publicly-announced breach.

4 Tyler Moore and Nicolas Christin exchanges are opened at different times and so their maximum potential lifetimes vary, and a majority of exchanges remain viable at the end of our observation period. Survival analysis can properly account for this. 3 Survival Analysis of Exchange Closure We use survival analysis to estimate the time it takes for Bitcoin exchanges to close and to identify factors that can trigger or stave off closure. Robust estimation requires considering that some exchanges remain open at the end of our measurement interval (“censored” data points). Two mathematical functions are commonly used. First, a survival function S(t) measures the probability that an exchange will continue to operate longer than for t days. Second, a hazard function h(t) measures the instantaneous risk of closure at time t. To identify factors affecting an exchange’s survival time, we use a Cox proportional hazards model [14], rather than traditional linear regression. We can also estimate the survival function using the best-ﬁt Cox model. 3.1 Statistical Model We hypothesize that three variables affect the survival time of a Bitcoin exchange: Average daily transaction volume: an exchange can only continue to operate if it is proﬁtable, and proﬁtability usually requires achieving scale in the number of feegenerating transactions performed. We expect that exchanges with low transaction volume are more likely to shut down. We use a log-transformation of the transaction volume given how skewed transaction volumes are. Experiencing a security breach: suffering a security breach can erase proﬁts, reduce cash ﬂow, and scare away existing and prospective customers. We thus expect breached exchanges to be more likely to subsequently close. AML/CFT compliance: some Bitcoin exchanges complain of being hassled by ﬁnancial regulators. Thus, exchanges operating in countries with greater emphasis on antimoney laundering efforts may be pressured into shutting down. We then construct a corresponding proportional hazards model [14]: hi (t) = h0 (t) exp(β1 log(Daily vol.)i + β2 Breachedi + β3 AMLi ). Here, hi (t) is the hazard rate for exchange i, log(Daily vol.)i is the transaction volume at exchange i, Breachedi indicates whether exchange i suffered a security breach, and AMLi denotes the AML/CFT compliance score for the exchange’s country of incorporation. β1 , β2 , β3 are best-ﬁt constants, and h0 (t) is the unspeciﬁed baseline hazard. 3.2 Results The best-ﬁt Cox model is: coef. exp(coef.) Std. Err.) log(Daily vol.)i β1 −0.173 0.840 0.072 Breachedi β2 0.857 2.36 0.572 AMLi β3 0.004 1.004 0.042 log-rank test: Q=7.01 (p = 0.0715), R2 = 0.145 Signiﬁcance p = 0.0156 p = 0.1338 p = 0.9221

1.0 Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk 0.4 0.6 0.8 Intersango Mt. Gox Bitfloor Vircurex Average 0.0 0.2 Survival probability 5 0 200 400 600 800 Days Fig. 1. Empirically-derived survival probability function for Bitcoin exchanges. The daily volume is negatively associated with the hazard rate (β1 = −0.173): doubling the daily volume rate corresponds to a 16% reduction in the hazard rate (exp(β1 ) = 0.84) . Thus, exchanges that process more transactions are less likely to shut down. Suffering a breach is positively correlated with hazard, but with a p-value of 0.1338, this correlation falls just short of being statistically signiﬁcant at this time. Given that just nine exchanges publicly reported suffering breaches and only ﬁve later closed, it is not surprising that the association is not yet robust. Finally, the anti-money laundering indicator has no measurable correlation with exchange closure. This could suggest that regulatory oversight is not triggering closures, but it could also reﬂect that the indicator itself does not accurately convey differences in attitudes the world’s ﬁnancial regulators have taken towards Bitcoin. Figure 1 plots the best-ﬁt survival function according to the Cox model. The survival function precisely quantiﬁes the probability of failure within a given amount of time. This can help Bitcoin investors weigh their risks before putting money into an exchange-managed account. The black solid line plots the estimated survival function for the best ﬁt parameters outlined above for the mean values of exchange volume, whether a site has been hacked, and AML score. For instance, S(365) = 0.711 with 95% conﬁdence interval (0.576, 0.878): there is a 29.9% chance a new Bitcoin exchange will close within a year of opening (12.2%–42.4% with 95% conﬁdence). Figure 1 also includes survival functions for several Bitcoin exchanges. These are calculated based on the exchange’s values for parameters in the Cox model (e.g., transaction volume). For instance, Mt. Gox and Intersango are less likely to close than other exchanges. Meanwhile, Vircurex (established in December 2011 and breached in January 2013) continues to operate despite low transaction volumes and a survival function that estimates one-year survival at only 20%. The right-most column in Table 1 presents relative risk ratios for all exchanges. These indicate how the hazard function for each exchange compares to the baseline hazard. Values less than 1 indicate that the exchange is at below-average risk for closure; values greater than 1 denote above-average risk. Of course, any exchange may close, but those with lower risk ratios have a better chance of remaining operational. For instance, while 6 of the 18 closed exchanges have risk ratios below 1, 12 of the 22 open ones do.

6 4 Tyler Moore and Nicolas Christin Regression Analysis of Exchange Breaches While we cannot conclude that security breaches trigger exchanges to close, we can examine whether any other factors affect the likelihood an exchange will suffer a breach. 4.1 Statistical Model We use a logistic regression model with a dependent variable denoting whether or not an exchange experiences a breach. We hypothesize that two explanatory variables inﬂuence whether a breach occurs: Average daily transaction volume: bigger exchanges make richer targets. As an exchange processes more transactions, more wealth ﬂows into its accounts. Consequently, we expect that proﬁt-motivated criminals are naturally drawn to exchanges with higher average daily transaction volumes. Months operational: every day an exchange is operational is another day that it could be hacked. Longer-lived exchanges, therefore, are more exposed to breaches. The model takes the following form: log (pb /(1 − pb )) = c0 + c1 log(Daily vol.) + c2 months operational + ε. The dependent variable pb is the probability that an exchange experiences a security breach, c0 , c1 , c2 are best-ﬁt constants, log(daily vol.) is the log-transformed daily transaction volume at the exchange, # months operational is the time (in months) that the exchange has been operational, and ε is an error term. 4.2 Results The logistic regression yields the following results: coef. Odds-ratio 95% conf. int. Signiﬁcance Intercept −4.304 0.014 (0.0002,0.211) p = 0.0131 log(Daily vol.) 0.514 1.672 (1.183,2.854) p = 0.0176 Months operational −0.104 0.901 (0.771,1.025) p = 0.1400 Model ﬁt: χ2 = 10.3, p = 0.00579 Transaction volume is positively correlated with experiencing a breach. Months operational, meanwhile, is negatively correlated with being breached, but the association just falls short of statistical signiﬁcance (p = 0.14). Thus, we face a conundrum: according to the results of Section 3, high-volume exchanges are less likely to close but more likely to experience a breach. Bitcoin holders can choose to do business with less popular exchanges to reduce the risk of losing money due to a breach, or with more popular exchanges that may be breached, but are less likely to shut down without warning. Figure 2 takes the coefﬁcients for a best-ﬁt logit model and plots the probability that an exchange operational for the average duration of one year will be breached as transaction volume increases. For example, exchanges handling 275 Bitcoins’ worth of transactions each day have a 20% chance of being breached, compared to a 70% chance for exchanges processing daily transactions worth 5570 Bitcoins.

Predicted probability 90% C.I. 0.2 0.4 0.6 0.8 1.0 7 0.0 Probability exchange has breach Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk 5 50 500 5000 50000 Daily transaction volume at exchange Fig. 2. Probability that an exchange will experience a breach as the average volume of Bitcoins exchanged varies, according to the best-ﬁt logit model. 5 Related Work Bitcoin’s recent success has piqued the interest of a number of researchers in studying it. A couple of works looked into the cryptographic aspects [15, 16, 17] and ways to either improve or build on Bitcoin. Another set of papers explored the Bitcoin network of transactions [18, 19], and documented practical uses of Bitcoin [7]. Others yet investigated economic considerations regarding, in particular, the economic costs of proof-of-work mechanisms such as Bitcoin [20]. Different from these related efforts, we believe our paper is the ﬁrst to focus on Bitcoin exchanges. 6 Discussion In this paper, we empirically investigated two risks linked to Bitcoin exchanges. We conducted a survival analysis on 40 Bitcoin exchanges, which found that an exchange’s average transaction volume is negatively correlated with the probability it will close prematurely. We also presented a regression analysis which found that, in contrast to the survival analysis, transaction volume is positively correlated with experiencing a breach. Hence, the continued operation of an exchange depends on running a high transaction volume, which makes the exchange a more valuable target to thieves. Our statistical analysis presents three notable limitations. First, there is substantial randomness affecting when an exchange closes or is breached that is not captured by our model. Future work might investigate additional explanatory variables, such as the exchange reputation. Second, some explanatory variables did not achieve statistical signiﬁcance due to the data set’s modest size. The analysis is worth revisiting as time passes and new exchanges are opened and old ones close. Third, some indicators may need to be changed as Bitcoin grows. For instance, rapid increases in transaction volumes may render long-term unweighted averages less meaningful. Finally, we focused on economic considerations, such as closure risks, that a rational actor would want to estimate before investing in a given exchange. However, reducing Bitcoin to a mere speculative instrument misses an important piece of the puzzle. Most Bitcoin users are early adopters, often motivated by non-economic considerations. For instance, Silk Road users, who constitute a large share of the Bitcoin economy [7], may shy away from exchanges that require identiﬁcation, and instead prefer assurances of

Beware the Middleman: Empirical Analysis of Bitcoin ...

Abstract: We study the risk investors face from Bitcoin exchanges, which convert between Bitcoins and hard currency. [...] An exchange’s transaction ...Read more

Beware the Middleman: Empirical Analysis of Bitcoin ...

Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk. Bitcoin has enjoyed wider adoption than any previous crypto-currency; yet its success ...Read more

These presentations are classified and categorized, so you will always find everything clearly laid out and in context.
You are watching Procesoproductivo 100604182433-phpapp01 presentation right now. We are staying up to date!